Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-7489 | 1 Teradata | 1 Virtual Machine | 2016-12-02 | 10.0 HIGH | 9.8 CRITICAL |
| Teradata Virtual Machine Community Edition v15.10's perl script /opt/teradata/gsctools/bin/t2a.pl creates files in /tmp in an insecure manner, this may lead to elevated code execution. | |||||
| CVE-2016-7504 | 1 Artifex | 1 Mujs | 2016-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability was observed in Rp_toString function of Artifex Software, Inc. MuJS before 5c337af4b3df80cf967e4f9f6a21522de84b392a. A successful exploitation of this issue can lead to code execution or denial of service condition. | |||||
| CVE-2016-7505 | 1 Artifex | 1 Mujs | 2016-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow vulnerability was observed in divby function of Artifex Software, Inc. MuJS before 8c805b4eb19cf2af689c860b77e6111d2ee439d5. A successful exploitation of this issue can lead to code execution or denial of service condition. | |||||
| CVE-2016-7506 | 1 Artifex | 1 Mujs | 2016-12-02 | 5.0 MEDIUM | 7.5 HIGH |
| An out-of-bounds read vulnerability was observed in Sp_replace_regexp function of Artifex Software, Inc. MuJS before 5000749f5afe3b956fc916e407309de840997f4a. A successful exploitation of this issue can lead to code execution or denial of service condition. | |||||
| CVE-2016-7560 | 1 Fortinet | 1 Fortiwlc | 2016-12-02 | 10.0 HIGH | 9.8 CRITICAL |
| The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors. | |||||
| CVE-2016-7561 | 1 Fortinet | 1 Fortiwlc | 2016-12-02 | 4.0 MEDIUM | 7.2 HIGH |
| Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow administrators to obtain sensitive user credentials by reading the pam.log file. | |||||
| CVE-2016-7917 | 1 Linux | 1 Linux Kernel | 2016-12-02 | 4.3 MEDIUM | 5.0 MEDIUM |
| The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message's length field is large enough, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability. | |||||
| CVE-2016-7919 | 1 Moodle | 1 Moodle | 2016-12-02 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation process component. NOTE: the vendor disputes the relevance of this report, noting that "the person who is installing Moodle must know database access credentials and they can access the database directly; there is no need for them to create a SQL injection in one of the installation dialogue fields." | |||||
| CVE-2016-4106 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2016-12-02 | 7.2 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows local users to gain privileges via a Trojan horse resource in an unspecified directory, a different vulnerability than CVE-2016-1087 and CVE-2016-1090. | |||||
| CVE-2016-4092 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2016-12-02 | 10.0 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4091. | |||||
| CVE-2016-7964 | 1 Dokuwiki | 1 Dokuwiki | 2016-12-02 | 4.3 MEDIUM | 8.6 HIGH |
| The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172.16.0.0/12, and 192.168.0.0/16. | |||||
| CVE-2016-7988 | 2 Google, Samsung | 6 Android, Galaxy S4, Galaxy S4 Mini and 3 more | 2016-12-02 | 7.8 HIGH | 7.5 HIGH |
| On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.[Samsung].android.intent.action.SET_WIFI intent leads to unsolicited configuration messages being handled by wifi-service.jar within the Android Framework, a subset of SVE-2016-6542. | |||||
| CVE-2016-7488 | 1 Teradata | 1 Virtual Machine | 2016-12-02 | 7.2 HIGH | 7.8 HIGH |
| Teradata Virtual Machine Community Edition v15.10 has insecure file permissions on /etc/luminex/pkgmgr. These could allow a local user to modify its contents and execute commands as root. | |||||
| CVE-2016-7989 | 2 Google, Samsung | 6 Android, Galaxy S4, Galaxy S4 Mini and 3 more | 2016-12-02 | 7.8 HIGH | 7.5 HIGH |
| On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS containing an OMACP message sent remotely triggers an unhandled ArrayIndexOutOfBoundsException in Samsung's implementation of the WifiServiceImpl class within wifi-service.jar. This causes the Android runtime to continually crash, rendering the device unusable until a factory reset is performed, a subset of SVE-2016-6542. | |||||
| CVE-2016-4567 | 2 Mediaelementjs, Wordpress | 2 Mediaelement.js, Wordpress | 2016-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn." | |||||
| CVE-2016-4566 | 2 Plupload, Wordpress | 2 Plupload, Wordpress | 2016-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack. | |||||
| CVE-2016-1820 | 1 Apple | 1 Mac Os X | 2016-12-02 | 9.3 HIGH | 7.8 HIGH |
| Buffer overflow in IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2016-1821 | 1 Apple | 1 Mac Os X | 2016-12-02 | 9.3 HIGH | 7.8 HIGH |
| IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. | |||||
| CVE-2016-1826 | 1 Apple | 1 Mac Os X | 2016-12-02 | 9.3 HIGH | 7.8 HIGH |
| Integer overflow in the dtrace implementation in the kernel in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2016-1850 | 1 Apple | 1 Mac Os X | 2016-12-02 | 6.8 MEDIUM | 7.8 HIGH |
| SceneKit in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file. | |||||